How to update kernel of CentOS 7 to specific version which is no longer in the repository?

[eshubenkov]

Is there a way to update the CentOS 7 to specific version kernel that is no longer in the repository?

I need update CentOS 7.3.1611 from
3.10.0-514.el7.x86_64 to
3.10.0-693.11.6.el7.x86_ 64 or 4.4.80.el7.elrepo.x86_64.

The reason is the support it is these versions of kernel by the cryptographic software.

[TrevorH]

You are asking the wrong question. You really really do not want to deploy 7.3, especially if this has anything to do with security at all.

What you should be doing is fixing the "cryptographic software" to work with the current kernel.

[eshubenkov]

What you say is the most logical and correct thing. But if it were possible, I'd be happy to do it.

Can you help me and answer the substance of my question?

Thanks in advance.

[Mike_Rochefort]

If you would rather be safe the sorry:

yum update && reboot to bring yourself to latest CentOS packaging of 7.6.

yum install kernel-lt after installing the Elrepo kernel repository. The .80 vs .173 honestly makes no difference. There’s nothing in those patches that should break cryptographic software,maintaining functionality is half the point of an LTS release.

Now, if you absolutely only want to stick with upgrading with CentOS 7.4, all you need to do is edit the Vault yum repo file by duplicating the last section and modifying the paths to point to the correct release of CentOS.

If I were you, I would take option #1. The better option would be to ask the vendor of the software if they can verify and build against the latest version of CentOS/RHEL. Especially if the system is in any way exposed to the external network. If it’s in its own vlan and locked down under several layers, the specific version of CentOS it’s running starts to become less of an issue.

Cheers,
Mike

[eshubenkov]

Please do not consider me a child, do not consider me an idiot who does not want to be safe and work on the latest version of the kernel.
But as I said, I am asking you ONLY to help me update the kernel version of CentOS 7.3.1611 from
3.10.0-514.7.x86_64 to
3.10.0-693.11.6.7.x86_64.

Once again, please don't teach me life and what to do. I have 20 years in the profession, I know what I do. If the only place I'm waiting for support - this forum - can help me, then answer my question - how to update the kernel version as described above...

Here are the requirements for the kernel versions of the mentioned cryptographic SOFTWARE:
https://www.securitycode.ru/products/sz ... /required/

The software is certified and changing kernel versions is not possible simply because we want it...

If even here I can not help, then the choice of another Linux distribution is the only thing I have left.

Thanks in advance.

[George99]

So what you're asking for is a d/l for this particular kernel version?

A quick google search gave me: ftp://ftp.riken.jp/Linux/cern/centos/7/ ... ernel.html

I don't know if this may help you...

[schadfield]

Genius. A security product with an unpatched OS as a requirement. You can't make this stuff up.

[George99]

Well of course such machine should be isolated without any network connection and very restricted physical user access.

[eshubenkov]

[root@nginx kernel]# rpm -iv kernel-3.10.0-693.11.6.el7.x86_64.rpm
error: Failed dependencies:
dracut >= 033-502 is needed by kernel-3.10.0-693.11.6.el7.x86_64
linux-firmware >= 20170606-55 is needed by kernel-3.10.0-693.11.6.el7.x86_64
kexec-tools < 2.0.14-3 conflicts with kernel-3.10.0-693.11.6.el7.x86_64

Please prompt where further to dig?

[desertcat]

Genius. A security product with an unpatched OS as a requirement. You can't make this stuff up.

I tend to agree with you. Call me suspicious, but I am a little bit nervous about a security firm located in RUSSIA, a country who hacked the 2016 U.S. elections.